Wireless continues to be a big security concern, as it is a primary attack vector for hackers. It is also something that needs to be closely examined during a security assessment. Even if you're not part of an ethical hacking or penetration testing team, you will want to ensure wireless networks are secure.
Wireless remains a real problem because most of the protocols and applications used send information in clear text. Services such as email, web, FTP, and others were not designed with security in mind and send information as clear text. If you are not using a virtual private network (VPN) or strong encryption, your information can potentially be exposed to any hacker, cracker, or criminal that is nearby. The top five wireless concerns and attacks include:
1. Evil twin – A fake access point that appears to be a valid access point. Attackers seek to trick the user into connecting so that all data can be sniffed.
2. Promiscuous client – Laptops tend to connect to the strongest signal. In this attack the hacker presents a strong signal to lure the victim in.
3. Targeted wardriving – Today’s war drivers look for specific targets. These might be a competitor or other entity the attacker would like to garner information from.
4. Mobile device attacks – These attacks are targeted against point of sale (POS) systems and other devices containing credit card information or sensitive data.
5. Wireless driver attacks – This new category of attack leverages vulnerabilities in wireless device drivers and exploits layer two vulnerabilities.
The common misperception is that wireless network controls have advanced to the point that the attacks discussed above are no longer a threat. While there are many controls to prevent these problems, the issue is that they are not always deployed.
As an example of how most people do not lock down wireless, consider the DEFCON event known as the “Wall of Sheep.” The Wall of Sheep event is really just an exercise in passively sniffing traffic on the DEFCON wireless network. Any clear text traffic that is sniffed is posted on a large screen in a public area. Over the years this experiment has been running, the Wall of Sheep has witnessed everything from email addresses, passwords, and sensitive information to someone filing a tax return with their accountant.
If you are responsible for your organization's wireless security, make sure it is locked down. Train your users on good security practices. Make sure employees understand the importance of encryption, and make the use of VPNs mandatory for mobile users. By starting with basic controls, you can make it much harder for a hacker to use a wireless system to gain access to your network.